Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Explicit permissions required to Disable Container vulnerability results

Copper Contributor

Hi Team, 

 

We would like to disable some of the vulnerability assessments made in our container registry.  We found a nice documentation on how to do that https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-containers-vulnerability-ass....

However it seems we can't disable this with Contributor access on the subscription and also with Resource Policy Contributor role. We tried with Owner/User Access Administrator access and then we are able to disable it. 

In our setup, it's not possible to get  Owner/User Access Administrator on the Subscription.  

 

Question 1: Do we have any other built in role which can help to disable it? 
Question 2: If we have to create a custom role, what actions that role should have permission to ? 

Question 3: Any other implementation suggestion where a "contributor" can disable particular vulnerability assessment ? 

0 Replies